Meta

Posts Tagged ‘safety-critical’

The hardest part of DO-254 is not the requirements. It’s not the design. It’s not the verification.

We just wrapped up this year’s 3-day DO-254 Practitioner’s Course, and each year I learn something new. In this year’s training we had attendees from major aerospace companies including Curtiss Wright, Rolls Royce, Sierra Nevada Corporation, Thales and Woodward. It’s always a pleasure to meet the aerospace folks and learn about their projects, goals and challenges. This is the fifth year we’ve done these trainings and each time I pick up subtle points from the instructor showing his impressive expertise in the subject.

This year’s subtle point that I picked up is about the hardest part of DO-254.

The hardest part of DO-254 is the cultural change that needs to take place in order for the organization to successfully comply to DO-254. This can be the make or break of the project. It doesn’t matter if you have top-notch planning documents if no one will adhere to them. It doesn’t matter if you’ve written 1000+ page requirements document, but the verification engineers cannot use them because the requirements are not verifiable. It doesn’t matter if you have the best design standards if your designers would not abide by them. It doesn’t matter if you have the latest verification tools but no one in your team understands how to satisfy tool assessment and qualification. It doesn’t matter if you have the most comprehensive review checklists if your reviewers will not use them and document the review activities and results.

DO-254 is a collection of industry best practices and all of its processes are tightly integrated, but it doesn’t matter if you have the DO-254 processes tightly in place if your team members will not abide by them. The hardest part of DO-254 is the cultural change that needs to be embraced by all team members. The cultural change is what can get you.

Many organizations new to DO-254 are eager to jump on board and start applying DO-254 to their projects due to its high demand in the avionics industry. You might be ready to take the leap and make the cultural change yourself, but is the rest of your team and organization ready for the cultural change?

If you’d like to learn more, or register for next year’s class, call us at 1+702-990-4400 or email training@aldec.com.

You have been developing FPGAs for a long time, and you know your designs from top to bottom. You know every interface protocol, configuration and optimization. You can visualize your timing diagram like you can visualize your upcoming vacation in Hawaii. You can manually write down your memory mapping accurately while under oath. You can pinpoint all CDC paths and emulate metastability in your mind. You are confident that your designs are fault-tolerant and will function as intended. You are the master of your domain.

But… can you bet your life on it?

Are you willing to bet your life on your designs? What about the lives of the thousands of passengers sitting on the airplanes where your FPGA design is installed? How certain are you that it won’t fail in the field? If it were to fail, can it resume normal operation safely and timely? Not just MOST of the time, but EVERY time?

If they’re being honest, anyone who has verified an FPGA under strict DO-254 guidance will tell you that it is stressful. Show me an engineer on their first DO-254 project – and I’ll show you someone pulling out their hair and downing what is probably their 5th cup of coffee while these important questions weigh heavy on their minds:

Have we reviewed all FPGA requirements and validated derived FPGA requirements? Do we have a good record of the review activities?

Do I have a test for each functional FPGA requirement? What’s the status of the tests? How do I track the progress and document the results?

If you attended the Monday Night Reception at DAC 2014, you were greeted with a blast of 80s pop music. If you then said to yourself, “I’d like to meet the genius behind that idea” – that would be me. A few weeks before DAC, our marketing manager came to me with the task of being the DJ for the Monday night reception. As soon as I heard “DJ” I envisioned turntables, cool headphones, disco lights and all the fame that follows. My dreams were dashed a few moments later when she explained that I would only have a PA and a laptop.

Undaunted, I resolved to be the best DJ in the history of DAC Monday Night Networking Receptions. The first challenge was finding music everyone would enjoy. I naturally settled on 80s pop as my genre. I had the brilliant idea of picking a few songs from each year and playing it as a progressive 80s timeline during the evening. I changed my mind when I realized that bright idea would require some serious manual research and work.

Did I give up? Of course not. I did what any good engineer would do – I found an easy (and smart) solution that did not require substantial extra effort – a bit like re-using verification ip’s instead of making them from scratch. This level of engineering genius is often mistakenly perceived as laziness, but I like to call it being smart. In fact I recently wrote a blog on the topic of working smart not hard.

As a DO-254 evangelist, I travel quite a bit attending conferences and meeting customers all over the world. One question I occasionally get from engineers is whether Aldec’s mil/aero verification solution, DO-254/CTS™, supports verification of FPGA designs with high speed interfaces (for example ARINC 818, LVDS, DDR3 or PCIe).

It occurred to me that it has been a few months since we shared an update on HiPer Simulation A/MS. Following DAC 2013 and Daniel Payne’s posts at SemiWiki (post 1, post 2), we at Aldec and Tanner EDA have received many inquiries from the field, conducted a number of evaluations, and deployed our analog/mixed-signal (AMS) design flow with our first mutual customers. In this article, I’ll share more the mixed-signal simulation methodology and highlight some of Verilog-AMS use cases that we have seen in the field.

Digital & Analog HDLs

The Verilog and VHDL languages were designed to handle discrete signals, where the number of possible signal values is limited (e.g. 1, 0, X, Z). Whereas Verilog-A was designed to handle continuous-time (analog) signals, that can take any value from a continuous range at any point.

A few weeks ago I had the opportunity to sit down with an avionics industry certification expert, FAA Consultant Designated Engineering Representative (DER), Randall Fulton. We began discussing common mistakes in DO-254 projects, and then branched out to many different areas including future of DO-254, industry engineering best practices, and his advice to organizations new to DO-254.

Louie: In your experience, what are the common mistakes in DO-254 projects?

Randall: Starting certification liaison activities and the SOI-1 planning audit after the design already exists. Many projects also need to read the additional guidance from the FAA in Order 8110.105 to understand the impact and be prepared to show the data to satisfy the Order. Organizations also underestimate the resources required for a project. This includes staffing as well as managing all the data. Another common area is not appreciating the impact of effective requirements writing skills.